Wednesday, September 02, 2009

The Trickyness that is called xhost, xauth, and X in general

Goal: Export a display from a linux client to a RHEL x-server with xauth security

I don't cover all of the details below, but just cover some gotchas.  For some good details on xhost and xauth, see here:

Here are some things that might get in your way:

1) iptables

RHEL blocks most ports out of the box.  The iptables configuration is found here: /etc/sysconfig/iptables.  After making changes, it can be reloaded by issuing this command: "service iptables restart".  

I noticed that ssh was connecting just fine, so I copied the line allowing port 22 connections and changed it to allow port 6000 (x11) connections.  

2) xhost

To disable host checking, issue the following: "xhost +".  Warning: This opens up your system completely as well as disables xauth.

To reenable: "xhost -"

To grant a host permission: "xhost +hostname"

3) xauth

Note: for xauth to work, xhost cannot be disabled.  Also, if xhost is granting permission to your client, it won't bother to check with xauth.  Moral of the story: Enable xhost, but don't add anything to it.

To make sure xauth is being used on the x-server, issue the following: "ps aux | grep auth" and look at the output.  You should see an .Xauthority (or similar file) being referenced.

Both the client and the server must have the cookie for xauth to work.  Run "xauth" and issue the command "list" at the prompt.  On the server, things should be in terms of the server's hostname.  On the client they should also be in terms of the server's hostname.






Some errors related to the above gotchas:
No protocol specified
Xt error: Can't open display ip:0.0




No comments:

Pyjamas